CVE-2026-23748

Source
https://cve.org/CVERecord?id=CVE-2026-23748
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23748.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23748
Published
2026-02-26T17:31:32.584Z
Modified
2026-07-08T08:12:40.306106565Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Golioth Firmware SDK < 0.22.0 LightDB State Out-of-Bounds Read
Details

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payloadsize value less than 2 can cause a sizet underflow when computing the number of bytes to copy (nbytes). The subsequent memcpy() reads past the end of the network buffer, which can crash the device. The condition is reachable from onpayload, and goliothpayloadisnull() does not block payload_size==1. A malicious server or MITM can trigger a denial of service.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23748.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-191"
    ]
}
References

Affected packages

Git / github.com/golioth/golioth-firmware-sdk

Affected ranges

Type
GIT
Repo
https://github.com/golioth/golioth-firmware-sdk
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0.10.0"
        },
        {
            "fixed": "0.22.0"
        }
    ]
}

Affected versions

v0.*
v0.10.0
v0.11.0
v0.11.1
v0.12.0
v0.12.1
v0.12.2
v0.13.0
v0.13.1
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.19.1
v0.20.0
v0.21.0
v0.21.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23748.json"